deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-24 14:53:44 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
5af95cd6dae7c94e435f9de936eced6ec6b54e28
windows-itpro-docs/windows/security/threat-protection/auditing/event-5038.md
get-itips 90972e598f Several metadata changes 
added ms.reviewer and manager using ms.date
2019-05-30 10:01:13 -03:00

2.0 KiB
Raw Blame History

title, description, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, ms.localizationpriority, author, ms.date, ms.reviewer, manager, ms.author
title description ms.pagetype ms.prod ms.mktglfcycl ms.sitesec ms.localizationpriority author ms.date ms.reviewer manager ms.author
5038(F) Code integrity determined that the image hash of a file is not valid. (Windows 10) Describes security event 5038(F) Code integrity determined that the image hash of a file is not valid. security w10 deploy library none dansimp 04/19/2017 dansimp dansimp

5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

Applies to

  • Windows 10
  • Windows Server 2016

The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

This event generates by Code Integrity feature, if signature of a file is not valid.

Code Integrity is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.

There is no example of this event in this document.

Subcategory: Audit System Integrity

Event Schema:

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: %filepath\filename%

Security Monitoring Recommendations

  • We recommend monitoring for this event, especially on high value assets or computers, because it can be a sign of a software or configuration issue, or a malicious action.